Tuesday, December 16, 2014

iPhone 5c S/MIME and openssl

I just got an iPhone 5c (my very first iOS product) and wanted to send emails with key signing and possibly encryption. Unfortunately it looks like Apple decided against using PGP or GPG and instead went with S/MIME. Oh well, I had to create a new pair of keys, but that is where my problems started.

The iOS platform is very particular when it comes to using S/MIME keys for signing and encrypting. I shall outline the steps I went through to get this working on my device.

** As a side note, I will add that I spent about 3 hours online with Apple tech support, speaking to three separate managers and one person who works with enterprise. They were all very 'Amazed' that I was able to figure this out, because they really had no idea how to help me out since I do not own any other Apple products. **

Step one:

Set up your email account on the iOS device and make sure it is working (sending and receiving email).

Step two: edit your openssl.cnf file

%: su

%: vi /etc/ssl/openssl.cnf

Scroll down to where it says [ usr_cert ] and make sure your section looks like mine:

If you get a message that says "No valid certificates found", you probably missed a step in your key creation. Please go back and try again. It took me about 4 hours to figure out how to get my iPhone to realize I do in fact have a valid certificate.

** Note **

You do not need to slide the 'encrypt by default' switch to green in order to send an encrypted email. When you compose a new email, if you click on the name of the person you wish to send to, there will be a lock key icon. Clicking that icon to close it will attempt to send an encrypted message, but YOU MUST HAVE A COPY OF THEIR KEY TO SEND AN ENCRYPTED MESSAGE TO THEM. You do not need anyone else's key to sign an email, but you do need their public key to send them an encrypted message. If you do not have their key, you will be given an error message.